European firms, and companies with any European customers, will soon have to follow the General Data Protection Regulation (GDPR). In the US, rules vary from state to state but are mostly following California and moving to tighter privacy and security protections.
The widespread trend is towards closer regulation, which follows changing public attitudes to privacy and data security.
Fines are also growing – GDPR failures can cost a company €20m or up to four per cent of global turnover.
But the most innovative companies are seeing these changes as a business opportunity, not just another box-ticking exercise.
Security and privacy can and should be seen as a business differentiation strategy – a way to place your firm head and shoulders above the competition.
The cost of security failures is now recognised from the board of directors downwards – it is now a business issue, not just an IT problem.
There’s no question that the changes to European rules will require more than a quick audit and brush-up of business processes and systems.
For some companies GDPR will require wholesale changes to how customer databases, to take one example, are collected and maintained. Although the details are still not completely clear, they will require businesses to obtain secondary consent from customers if any kind of processing of their data is carried out.
This will require changes in how databases are managed and how easy it is to remove details either when requested or when they expire – GDPR rules that details can only be kept for specific time periods.
For some marketing departments completely new business processes will be needed.
But the changes are an opportunity to update systems and create data platforms and systems which are ready for the future.
Because the changes are so fundamental, there will also be a period of legal changes and fine-tuning of how the law is applied in practice.
So it is an ideal chance to build systems with as much flexibility as possible.
It is also a chance to standardise systems to save costs and make big data and other additional applications easier to implement.
Most enterprise systems are built up in an ad hoc way. GDPR is a chance to revisit and improve on some of the decisions made in the past in terms of data centre design and business processes.
Done right, this should allow your business to be much more than just compliant with the new regulations.
It should deliver an infrastructure capable of dealing with the challenges of big data and able to bring new applications online far more quickly than before.
It provides a golden opportunity to invest in cleaning up the data the company holds, getting rid of out-of-date details, and storing it on truly quick-to-access storage systems.
It should also put the company’s data exactly where it should be – at the very centre of the IT infrastructure and at the very centre of business strategy for the future.